How to block access to external hard drives in ThreatLocker?

This document outlines the step-by-step process of how to block access to external hard drives in ThreatLocker Dashboard.

This article is a part of our ThreatLocker How-to Guides series, Chapter 05 – Storage Control.

Introduction

External hard drives and removable media can introduce serious security risks such as data theft, malware infection, and unauthorized backups. To maintain control and compliance, it’s recommended to block these devices unless specifically allowed. With ThreatLocker Storage Control, you can enforce a policy that blocks external USB hard drives, portable DVD drives, and SD cards, while leaving internal system drives untouched.

Implementation

Step 1: Access the Storage Control Module

  1. Log in to the ThreatLocker Portal.
  2. Navigate to Modules > Storage Control.
  3. Click ‘Create Policy’

Step 2: Fill in the Policy Creation Form

  1. In the Details section:
  • Name: Block External disk.
  • Description: Block removable HDDs, DVD drives, and SD cards
  2. In the Applied To section:
  • Applied To: Select the target computer or computer group where the policy should be enforced

  3. In the Condition section:

  • Access Type: Read (or Read/Write if you also want to block writing)
  • Interface Type: Select Selected Interfaces
    • Select the interface you want to block, depending on your needs:
      • USB → For external hard drives and USB storage
      • DVD → For portable DVD/CD drives
      • SDXC → For SD cards and card readers

  4. In the Action section:

  • Select “Deny” as the action
  • Enable the ‘Allow User to Request’ option to let users submit a request for temporary access when needed.
  • Add the policy to the top of the policy list to ensure it takes priority

  5. Once all fields are configured, click Create to save the policy

Step 3: Deploy the policy

Go back to the Policies list:

  • Click Deploy to activate the policy on the selected machines
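
To confirm the deployed policy is actually enforced, you can run a read test on one of the targeted machines with a test device attached. The script below is an added example, not part of ThreatLocker or of the original guide; the function name is hypothetical, and it assumes a denied read surfaces to PowerShell as an access-denied error.

```powershell
# Added verification example (not ThreatLocker tooling). Run on an endpoint in the
# policy's target group after deployment, with a test USB/SD/DVD device attached.
function Test-RemovableStorageBlocked {
    [CmdletBinding()]
    param(
        # Bus types matching the interfaces selected in the policy's Condition section.
        [string[]]$BusType = @('USB', 'SD')
    )

    $letters = @()

    # External hard drives report as "Fixed" volumes, so select disks by bus type.
    $disks = Get-Disk | Where-Object { $BusType -contains $_.BusType }
    foreach ($disk in $disks) {
        $letters += Get-Partition -DiskNumber $disk.Number -ErrorAction SilentlyContinue |
            Where-Object { [int]$_.DriveLetter -ne 0 } |
            ForEach-Object { [string]$_.DriveLetter }
    }

    # Optical drives are not returned by Get-Disk; DriveType 5 is CD/DVD.
    $letters += Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 5' |
        ForEach-Object { $_.DeviceID.TrimEnd(':') }

    foreach ($letter in ($letters | Sort-Object -Unique)) {
        $root = "${letter}:\"
        try {
            # Listing the root is a read; a Deny on Read should make it fail.
            Get-ChildItem -LiteralPath $root -Force -ErrorAction Stop | Out-Null
            $result = 'READABLE - policy not enforced'
        } catch [System.UnauthorizedAccessException] {
            # Assumption: the block is reported as an access-denied error.
            $result = 'Blocked'
        } catch {
            # Empty optical tray, unformatted volume, and similar cases.
            $result = "Unknown: $($_.Exception.Message)"
        }
        [pscustomobject]@{ Drive = $root; Result = $result }
    }
}

Test-RemovableStorageBlocked | Format-Table -AutoSize
```

Any drive reported as READABLE means the policy is not applied to that machine or interface; check the Applied To selection and the policy's position in the list.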

Conclusion

By blocking access to specific storage interfaces such as SDXC, USB, or DVD, ThreatLocker helps you control the use of removable storage and protect your environment from:

  • Data exfiltration
  • Malware introduced via external devices
  • Unauthorized backups or file transfers

This granular policy enforcement is fully aligned with a Zero Trust approach, where only explicitly approved access is permitted.

You can also maintain flexibility by enabling the “Allow User to Request” option, giving end users a secure way to ask for temporary access when necessary. With ThreatLocker Storage Control, you gain full visibility and control over all storage activity without sacrificing usability or compliance.
